Not having any luck with postfix integration

From: Allan Wind <>
Date: Thu, 19 Jul 2012 02:00:36 -0400


I am trying to add opendkim 2.0.1 to a postfix 2.8.2 relay server.
Clients authenticate via self-signed tls certs, and I am trying
to use cert_issuer as the authentication.

Here is my opendkim.conf:

KeyFile /etc/postfix/opendkim.private
LogWhy yes
MacroList {cert_issuer}
Selector s0
Syslog yes
UMask 002

Outgoing mails are not signed and I get the following logged:

Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 no macros match
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 [] not internal
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1 not authenticated
Jul 19 05:50:37 pawan opendkim[3674]: 29D352F1: no signature data

Not sure which part of the protocol opendkim requires the macro
so I asked postfix to send it over all the time:

milter_data_macros = ${milter_helo_macros}
milter_default_action = accept
milter_end_of_data_macros = ${milter_helo_macros}
milter_end_of_header_macros = ${milter_helo_macros}
milter_helo_macros = i {cert_issuer}
milter_mail_macros = ${milter_helo_macros}

non_smtpd_milters = $smtpd_milters
smtpd_milters = inet:localhost:12345

If I add the particular client IP then I only get the "no macros
match". The only thing I really can add is a wildcard as my
clients do not come from fixed IPs:


Jul 19 05:54:33 pawan opendkim[6361]: EEFA62F1 no macros match

I tried with {cert_subject} but it made no difference. Enabled
debugging in postfix and it at least claims that issuer is sent.

Tried with different protocol versions in postfix but does not
seem to make a difference.

Allan Wind
Life Integrity, LLC
Received on Thu Jul 19 2012 - 06:00:51 PST
